Recovering a forgotten LUKS password

A friend of mine just forgot the fulldisk encryption password for a laptop.. sounds like a fun little adventure! This is not exactly a new topic, there are nice posts about this problem such as this one, however this is how I’ve tried to tackle the problem. The password was generated according to a couple of rules and only partially lost. Lets assume here for the sake of this little post that the password was generated by using a word list and contained multiple words, some of which are missing....

November 3, 2023 · 7 min · oblivious observer

NixOS encrypted VM installation

In this post I’ll describe how to set up a sparse VM image with full disk encryption and NixOS on ZFS, which can be uploaded to a VPS provider and then unlocked on boot using ssh. First we need to create a virtual machine image file. Initially I tried using qemu-img, but somehow the image file was missing some information and the VM would not recognize a disk. Instead I went with the easy way and used virt-manager to create a new VM with the correct image size....

August 29, 2020 · 6 min · oblivious observer

Encrypting Proxmox VE 6: ZFS, LUKS, systemd-boot and Dropbear

This describes how to set up a fully encrypted Proxmox VE 6 host with ZFS root and unlocking it remotely using the dropbear ssh server. Also it describes how you can do that, while keeping systemd-boot and thus also the pve tooling intact. (I’m not sure if the pve tooling still works if you replace systemd-boot with grub, which seems to be the common solution to creating this kind of setup, maybe it does....

August 23, 2019 · 10 min · oblivious observer